RHEL 7:Satellite Server (RHSA-2018:0336)

high Nessus Plugin ID 107053

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update is now available for Red Hat Satellite. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Red Hat Satellite is a system management tool for Linux-based infrastructure. It allows multiple Linux deployments to be provisioned, remotely managed and monitored with a single, centralized tool.

This update provides Satellite 6.3 packages for the Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked in the References section. See the Satellite 6 Installation Guide for detailed instructions on installing a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating Guide for detailed instructions on upgrading from a previous Satellite 6 version. All users who require Satellite version 6.3 are advised to install these new packages.

Security fixes:

* V8: integer overflow leading to buffer overflow in Zone::New (CVE-2016-1669)
* rubygem-will_paginate: XSS vulnerability (CVE-2013-6459)
* foreman: models with an organization 'belongs_to' association do not verify that the association belongs to the organization (CVE-2014-8183)
* foreman: inspection calls in provisioning templates leak sensitive controller information (CVE-2016-3693)
* pulp: insecure use of bash $RANDOM for the NSS DB password and seed (CVE-2016-3704)
* foreman: privilege escalation through the Organizations and Locations API (CVE-2016-4451)
* foreman: password displayed in plain text within discovery-debug (CVE-2016-4996)
* foreman: persistent XSS in the Foreman remote execution plugin (CVE-2016-6319)
* foreman: stored XSS via organization/location names containing HTML (CVE-2016-8639)
* katello-debug: possible symlink attack due to the use of predictable file names (CVE-2016-9595)
* rubygem-hammer_cli: SSL certificate of the API server is not verified (CVE-2017-2667)
* foreman: image password leak (CVE-2017-2672)
* pulp: CA key leak in pulp-qpid-ssl-cfg (CVE-2016-3696)
* foreman: information disclosure in provisioning template preview (CVE-2016-4995)
* foreman-debug: sensitive information is not obfuscated (CVE-2016-9593)

For more details about the security issues, including the impact, CVSS scores and other related information, see the CVE pages listed in the References section.

Red Hat would like to thank Randy Barlow (Red Hat) for reporting CVE-2016-3704 and Sander Bos for reporting CVE-2016-3696. The CVE-2014-8183 issue was discovered by Eric Helms (Red Hat); the CVE-2016-3693 and CVE-2016-4995 issues were discovered by Dominic Cleal (Red Hat); the CVE-2016-4451 and CVE-2016-6319 issues were discovered by Marek Hulan (Red Hat); the CVE-2016-4996 issue was discovered by Thom Carlin (Red Hat); the CVE-2016-8639 issue was discovered by Sanket Jagtap (Red Hat); the CVE-2016-9595 issue was discovered by Evgeni Golov (Red Hat); the CVE-2017-2667 issue was discovered by Tomas Strachota (Red Hat); and the CVE-2016-9593 issue was discovered by Pavel Moravec (Red Hat).

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?809d0a34

http://www.nessus.org/u?eab6a4df

https://access.redhat.com/errata/RHSA-2018:0336

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1019214

https://bugzilla.redhat.com/show_bug.cgi?id=1046642

https://bugzilla.redhat.com/show_bug.cgi?id=1132402

https://bugzilla.redhat.com/show_bug.cgi?id=1133515

https://bugzilla.redhat.com/show_bug.cgi?id=1140671

https://bugzilla.redhat.com/show_bug.cgi?id=1144042

https://bugzilla.redhat.com/show_bug.cgi?id=1145653

https://bugzilla.redhat.com/show_bug.cgi?id=1154382

https://bugzilla.redhat.com/show_bug.cgi?id=1177766

https://bugzilla.redhat.com/show_bug.cgi?id=1187338

https://bugzilla.redhat.com/show_bug.cgi?id=1190002

https://bugzilla.redhat.com/show_bug.cgi?id=1199204

https://bugzilla.redhat.com/show_bug.cgi?id=1210878

https://bugzilla.redhat.com/show_bug.cgi?id=1215825

https://bugzilla.redhat.com/show_bug.cgi?id=1217523

https://bugzilla.redhat.com/show_bug.cgi?id=1245642

https://bugzilla.redhat.com/show_bug.cgi?id=1255484

https://bugzilla.redhat.com/show_bug.cgi?id=1257588

https://bugzilla.redhat.com/show_bug.cgi?id=1260697

https://bugzilla.redhat.com/show_bug.cgi?id=1263748

https://bugzilla.redhat.com/show_bug.cgi?id=1264043

https://bugzilla.redhat.com/show_bug.cgi?id=1264732

https://bugzilla.redhat.com/show_bug.cgi?id=1265125

https://bugzilla.redhat.com/show_bug.cgi?id=1270771

https://bugzilla.redhat.com/show_bug.cgi?id=1274159

https://bugzilla.redhat.com/show_bug.cgi?id=1278642

https://bugzilla.redhat.com/show_bug.cgi?id=1278644

https://bugzilla.redhat.com/show_bug.cgi?id=1284686

https://bugzilla.redhat.com/show_bug.cgi?id=1291935

https://bugzilla.redhat.com/show_bug.cgi?id=1292510

https://bugzilla.redhat.com/show_bug.cgi?id=1293538

https://bugzilla.redhat.com/show_bug.cgi?id=1303103

https://bugzilla.redhat.com/show_bug.cgi?id=1304608

https://bugzilla.redhat.com/show_bug.cgi?id=1305059

https://bugzilla.redhat.com/show_bug.cgi?id=1306723

https://bugzilla.redhat.com/show_bug.cgi?id=1309569

https://bugzilla.redhat.com/show_bug.cgi?id=1309944

https://bugzilla.redhat.com/show_bug.cgi?id=1313634

https://bugzilla.redhat.com/show_bug.cgi?id=1317614

https://bugzilla.redhat.com/show_bug.cgi?id=1318534

https://bugzilla.redhat.com/show_bug.cgi?id=1323436

https://bugzilla.redhat.com/show_bug.cgi?id=1324508

https://bugzilla.redhat.com/show_bug.cgi?id=1327030

https://bugzilla.redhat.com/show_bug.cgi?id=1327471

https://bugzilla.redhat.com/show_bug.cgi?id=1328238

https://bugzilla.redhat.com/show_bug.cgi?id=1328930

https://bugzilla.redhat.com/show_bug.cgi?id=1330264

https://bugzilla.redhat.com/show_bug.cgi?id=1335449

https://bugzilla.redhat.com/show_bug.cgi?id=1336924

https://bugzilla.redhat.com/show_bug.cgi?id=1339715

https://bugzilla.redhat.com/show_bug.cgi?id=1339889

https://bugzilla.redhat.com/show_bug.cgi?id=1340559

https://bugzilla.redhat.com/show_bug.cgi?id=1342623

https://bugzilla.redhat.com/show_bug.cgi?id=1344049

https://bugzilla.redhat.com/show_bug.cgi?id=1348939

https://bugzilla.redhat.com/show_bug.cgi?id=1349136

https://bugzilla.redhat.com/show_bug.cgi?id=1361473

https://bugzilla.redhat.com/show_bug.cgi?id=1365815

https://bugzilla.redhat.com/show_bug.cgi?id=1366029

https://bugzilla.redhat.com/show_bug.cgi?id=1370168

https://bugzilla.redhat.com/show_bug.cgi?id=1376134

https://bugzilla.redhat.com/show_bug.cgi?id=1376191

https://bugzilla.redhat.com/show_bug.cgi?id=1382356

https://bugzilla.redhat.com/show_bug.cgi?id=1382735

https://bugzilla.redhat.com/show_bug.cgi?id=1384146

https://bugzilla.redhat.com/show_bug.cgi?id=1384548

https://bugzilla.redhat.com/show_bug.cgi?id=1386266

https://bugzilla.redhat.com/show_bug.cgi?id=1386278

https://bugzilla.redhat.com/show_bug.cgi?id=1390545

https://bugzilla.redhat.com/show_bug.cgi?id=1391831

https://bugzilla.redhat.com/show_bug.cgi?id=1393291

https://bugzilla.redhat.com/show_bug.cgi?id=1393409

https://bugzilla.redhat.com/show_bug.cgi?id=1394056

https://bugzilla.redhat.com/show_bug.cgi?id=1402922

https://bugzilla.redhat.com/show_bug.cgi?id=1406384

https://bugzilla.redhat.com/show_bug.cgi?id=1406729

https://bugzilla.redhat.com/show_bug.cgi?id=1410872

https://bugzilla.redhat.com/show_bug.cgi?id=1412186

https://bugzilla.redhat.com/show_bug.cgi?id=1413851

https://bugzilla.redhat.com/show_bug.cgi?id=1416119

https://bugzilla.redhat.com/show_bug.cgi?id=1417073

https://bugzilla.redhat.com/show_bug.cgi?id=1420711

https://bugzilla.redhat.com/show_bug.cgi?id=1422458

https://bugzilla.redhat.com/show_bug.cgi?id=1425121

https://bugzilla.redhat.com/show_bug.cgi?id=1425523

https://bugzilla.redhat.com/show_bug.cgi?id=1426404

https://bugzilla.redhat.com/show_bug.cgi?id=1426411

https://bugzilla.redhat.com/show_bug.cgi?id=1426448

https://bugzilla.redhat.com/show_bug.cgi?id=1428761

https://bugzilla.redhat.com/show_bug.cgi?id=1429426

https://bugzilla.redhat.com/show_bug.cgi?id=1434069

https://bugzilla.redhat.com/show_bug.cgi?id=1435972

https://bugzilla.redhat.com/show_bug.cgi?id=1436262

https://bugzilla.redhat.com/show_bug.cgi?id=1438376

https://bugzilla.redhat.com/show_bug.cgi?id=1439537

https://bugzilla.redhat.com/show_bug.cgi?id=1439850

https://bugzilla.redhat.com/show_bug.cgi?id=1445807

https://bugzilla.redhat.com/show_bug.cgi?id=1446707

https://bugzilla.redhat.com/show_bug.cgi?id=1446719

https://bugzilla.redhat.com/show_bug.cgi?id=1452124

https://bugzilla.redhat.com/show_bug.cgi?id=1455057

https://bugzilla.redhat.com/show_bug.cgi?id=1455455

https://bugzilla.redhat.com/show_bug.cgi?id=1458817

https://bugzilla.redhat.com/show_bug.cgi?id=1464224

https://bugzilla.redhat.com/show_bug.cgi?id=1468248

https://bugzilla.redhat.com/show_bug.cgi?id=1480346

https://bugzilla.redhat.com/show_bug.cgi?id=1480348

https://bugzilla.redhat.com/show_bug.cgi?id=1480886

https://bugzilla.redhat.com/show_bug.cgi?id=1493001

https://bugzilla.redhat.com/show_bug.cgi?id=1493494

https://bugzilla.redhat.com/show_bug.cgi?id=1517827

https://bugzilla.redhat.com/show_bug.cgi?id=1529099

Plugin Details

Severity: High

ID: 107053

File Name: redhat-RHSA-2018-0336.nasl

Version: 3.8

Type: local

Agent: unix

Published: 2018/2/28

Updated: 2024/4/27

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-1669

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-2672

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:foreman-compute, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:foreman-rackspace, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:hiera, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:katello-installer-base, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:katello-service, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:pulp, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:pulp-docker, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, 
p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:pulp-ostree, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:pulp-rpm, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery_image, 
p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bastion, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-redhat_access, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_csv, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, 
p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello_ostree, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploitable by Malware: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/2/21

Vulnerability Publication Date: 2013/12/31

Reference Information

CVE: CVE-2013-6459, CVE-2014-8183, CVE-2016-1669, CVE-2016-3693, CVE-2016-3696, CVE-2016-3704, CVE-2016-4451, CVE-2016-4995, CVE-2016-4996, CVE-2016-6319, CVE-2016-7077, CVE-2016-7078, CVE-2016-8613, CVE-2016-8634, CVE-2016-8639, CVE-2016-9593, CVE-2016-9595, CVE-2017-15699, CVE-2017-2295, CVE-2017-2667, CVE-2017-2672, CVE-2018-14623

CWE: 190, 20, 200, 209, 284, 285, 312, 330, 345, 377, 502, 522, 532, 732, 79

RHSA: 2018:0336